---
title: N3xt_L3v3l CTF
tags: Forensic
---
****
### i got 14 th place
### Forensic
#### find malicious IP
https://drive.google.com/file/d/1B7SOtcyGYqaUPE6cw5NjgFFyzjtGZigb/view?usp=sharing
##### Solution
```
from collections import Counter
ip_list = []
with open("critical_api_access.log", "r") as file:
for line in file:
parts = line.split()
if parts: # Ensure line is not empty
ip = parts[0]
ip_list.append(ip)
# Count IP occurrences
ip_count = Counter(ip_list)
# Find IP with 360 occurrences
for ip, count in ip_count.items():
if count == 360:
print(f"Malicious IP: {ip} with {count} requests")
# Alternatively, print the top IPs
print("Top IPs:")
for ip, count in ip_count.most_common(10):
print(f"{ip}: {count}")
```
flag: n3xt{172.105.99.15}
#### History DB
##### i learn Token :)
https://drive.google.com/file/d/1kI44jLhOuiNAu9XM7IgC7Qr-_x0WezkJ/view?usp=sharing
#### shadow
it is quite tircky
i though password is in /etc/shadow , waste my time :(
damm shit
### Stegnography
https://gchq.github.io/CyberChef/#recipe=From_Base64('A-Za-z0-9%2B/%3D',true,false)ROT47(47)&input=UDJKSlJVeG1PV0JrTUdCa01EOWZaakJrWHpCaVkyUktUZz09
#### Nothing
when i open file it is nothing :)
i noticed Unicode text
##### Solution
```
hidden = open("file.txt", "r", encoding="utf-8").read()
bits = []
for ch in hidden:
if ch == "\u200b": # zero width space
bits.append("0")
elif ch == "\u200c": # zero width non-joiner
bits.append("1")
if bits:
print("Hidden bits:", "".join(bits))
flag = "".join(bits)
print("Decoded (as ASCII):", bytes(int(flag[i:i+8],2) for i in range(0,len(flag),8)))
```
#### hahhaha
hard to see, but i guess and its correct
:))))
### Web
#### A Secret in Silence
428
Author: abdullaxows
They say the developer loved things that were exactly 8 digits long. Rumor has it, the secret he left behind was made up of exactly 8 digits... Can you uncover what he tried to hide?
https://kz-shadow.ctf.n3xtl3v3l.site/
##### Solution Brute force 8 digits
to get jwt token
```
import jwt
import time
secret = "49932332"
payload = {
"user": "test",
"isAdmin": True,
"iat": int(time.time()),
"exp": int(time.time()) + 3600 # токен будет жить 1 час
}
token = jwt.encode(payload, secret, algorithm="HS256")
print(token)
```
#### Ancient Manuscripts
468
Author: abdullaxows
Within this site hides a secret file named flag.txt. Only careful reconnaissance will lead you to the prize.
https://dspool9.ctf.n3xtl3v3l.site/
https://dspool9.ctf.n3xtl3v3l.site/archive?page=../.secret/flag.txt
#### Crypto
import base64, codecs
s = "#g##%=Nk&_Rd';d#';NN\"h+<2$_P*i89)_+8'=<X}'_U4huhl)&`*;d#lW\"s~`u(&&+h)i+X4;u)~=VU!`4Nk`tV%X@p4&<T"
def rot47(t):
return ''.join(chr(33 + ((ord(c)-33+47) % 94)) if 33 <= ord(c) <= 126 else c for c in t)
step1 = codecs.encode(s, 'rot_13')
step2 = rot47(step1)
step3 = base64.b64decode(step2)
flag = base64.a85decode(step3).decode()
print(flag)
with open('message.txt','rb') as f: c = f.read()
with open('key.txt','rb') as f: k = f.read()
off = 9
p = bytes([c[i] ^ k[off+i] for i in range(len(c))])
print(p.decode())
Sign in with Wallet
Connect another wallet